module
Pimcore Gather Credentials via SQL Injection
| Disclosed | Created |
|---|---|
| Aug 13, 2018 | Mar 19, 2019 |
Disclosed
Aug 13, 2018
Created
Mar 19, 2019
Description
This module extracts the usernames and hashed passwords of all users of
the Pimcore web service by exploiting a SQL injection vulnerability in
Pimcore's REST API.
Pimcore begins to create password hashes by concatenating a user's
username, the name of the application, and the user's password in the
format USERNAME:pimcore:PASSWORD.
The resulting string is then used to generate an MD5 hash, and then that
MD5 hash is used to create the final hash, which is generated using
PHP's built-in password_hash function.
the Pimcore web service by exploiting a SQL injection vulnerability in
Pimcore's REST API.
Pimcore begins to create password hashes by concatenating a user's
username, the name of the application, and the user's password in the
format USERNAME:pimcore:PASSWORD.
The resulting string is then used to generate an MD5 hash, and then that
MD5 hash is used to create the final hash, which is generated using
PHP's built-in password_hash function.
Authors
Thongchai Silpavarangkura
N. Rai-Ngoen
Shelby Pace
N. Rai-Ngoen
Shelby Pace
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.